This week in cybersecurity, a variety of vulnerabilities and attacks were reported across different platforms and services. Here are some of the top cybersecurity vulnerabilities and incidents:
- Bricks WordPress Site Builder Vulnerability: Hackers are exploiting a critical remote code execution (RCE) flaw in the Bricks Builder Theme, allowing them to run malicious PHP code on affected sites. This underscores the importance of keeping WordPress themes and plugins up to date to avoid unauthorized access and code execution.
- SolarWinds RCE Bugs: SolarWinds patched five RCE vulnerabilities in its Access Rights Manager solution, including three of critical severity that could be exploited without authentication. It’s crucial for users of SolarWinds products to apply these patches to protect their networks from potential unauthorized access.
- Ivanti Gateway Vulnerabilities: Over 13,000 Ivanti Connect Secure and Policy Secure endpoints remain vulnerable to several security issues that have been actively exploited. Despite patches being available, many endpoints have not been updated, leaving them open to attacks.
- ESXiArgs Ransomware Attacks: More than 500 hosts have fallen victim to the ESXiArgs ransomware, particularly in Europe. These attacks have been active for several months, targeting hosts that are no longer receiving security updates, emphasizing the necessity of maintaining systems with the latest security patches.
- Massive DDoS Attack: Cloudflare reported stopping a “hyper-volumetric” DDoS attack, peaking at over 71 million requests per second, the largest HTTP DDoS attack recorded so far. This incident highlights the ongoing threat of DDoS attacks and the need for robust defenses.
- Microsoft Urgent Patches: Microsoft released patches for 75 vulnerabilities, including two actively exploited zero-days. Given the critical nature of some of these vulnerabilities, users are advised to update their Microsoft products promptly to mitigate the risk of remote attacks.
- Arm’s Mali GPU Driver Vulnerability: Google researchers have identified a vulnerability in Arm’s Mali GPU chips that could allow attackers to access data from memory. Affected devices include popular models from Samsung, Motorola, and Xiaomi. Users of these devices should be on the lookout for software updates that address this security flaw.
- WS_FTP and Exim Mail Server Vulnerabilities: Critical vulnerabilities have been disclosed in WS_FTP servers and Exim mail servers, including remote code execution risks. Administrators are advised to apply the necessary patches immediately to prevent potential attacks.
- Cisco IOS Vulnerabilities: Cisco disclosed multiple vulnerabilities in its IOS and IOS XE, including one that has been actively exploited. Organizations using Cisco products should ensure their systems are updated to prevent unauthorized access or attacks.
These incidents and vulnerabilities highlight the dynamic and ever-evolving nature of the cybersecurity landscape. Organizations and individuals must remain vigilant, regularly update their software, and adopt comprehensive security measures to protect against these and future threats.

